libwmf security update

2006-07-1812:30:58

CentOS Project

lists.centos.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.19 Low

EPSS

Percentile

96.2%

JSON

CentOS Errata and Security Advisory CESA-2006:0597

Libwmf is a library for reading and converting Windows MetaFile vector
graphics (WMF). Libwmf is used by packages such as The GIMP and ImageMagick.

An integer overflow flaw was discovered in libwmf. An attacker could
create a carefully crafted WMF flaw that could execute arbitrary code if
opened by a victim. (CVE-2006-3376).

Users of libwmf should update to these packages which contain a backported
security patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-July/075187.html
https://lists.centos.org/pipermail/centos-announce/2006-July/075192.html
https://lists.centos.org/pipermail/centos-announce/2006-July/075193.html
https://lists.centos.org/pipermail/centos-announce/2006-July/075206.html
https://lists.centos.org/pipermail/centos-announce/2006-July/075207.html

Affected packages:
libwmf
libwmf-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0597

OSVersionArchitecturePackageVersionFilename
CentOS4ia64libwmf< 0.2.8.3-5.3libwmf-0.2.8.3-5.3.ia64.rpm
CentOS4ia64libwmf-devel< 0.2.8.3-5.3libwmf-devel-0.2.8.3-5.3.ia64.rpm
CentOS4alphalibwmf< 0.2.8.3-5.3libwmf-0.2.8.3-5.3.alpha.rpm
CentOS4alphalibwmf-devel< 0.2.8.3-5.3libwmf-devel-0.2.8.3-5.3.alpha.rpm
CentOS4s390libwmf< 0.2.8.3-5.3libwmf-0.2.8.3-5.3.s390.rpm
CentOS4s390libwmf-devel< 0.2.8.3-5.3libwmf-devel-0.2.8.3-5.3.s390.rpm
CentOS4s390xlibwmf< 0.2.8.3-5.3libwmf-0.2.8.3-5.3.s390x.rpm
CentOS4s390xlibwmf-devel< 0.2.8.3-5.3libwmf-devel-0.2.8.3-5.3.s390x.rpm
CentOS4i386libwmf< 0.2.8.3-5.3libwmf-0.2.8.3-5.3.i386.rpm
CentOS4x86_64libwmf< 0.2.8.3-5.3libwmf-0.2.8.3-5.3.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	4	ia64	libwmf	< 0.2.8.3-5.3	libwmf-0.2.8.3-5.3.ia64.rpm
CentOS	4	ia64	libwmf-devel	< 0.2.8.3-5.3	libwmf-devel-0.2.8.3-5.3.ia64.rpm
CentOS	4	alpha	libwmf	< 0.2.8.3-5.3	libwmf-0.2.8.3-5.3.alpha.rpm
CentOS	4	alpha	libwmf-devel	< 0.2.8.3-5.3	libwmf-devel-0.2.8.3-5.3.alpha.rpm
CentOS	4	s390	libwmf	< 0.2.8.3-5.3	libwmf-0.2.8.3-5.3.s390.rpm
CentOS	4	s390	libwmf-devel	< 0.2.8.3-5.3	libwmf-devel-0.2.8.3-5.3.s390.rpm
CentOS	4	s390x	libwmf	< 0.2.8.3-5.3	libwmf-0.2.8.3-5.3.s390x.rpm
CentOS	4	s390x	libwmf-devel	< 0.2.8.3-5.3	libwmf-devel-0.2.8.3-5.3.s390x.rpm
CentOS	4	i386	libwmf	< 0.2.8.3-5.3	libwmf-0.2.8.3-5.3.i386.rpm
CentOS	4	x86_64	libwmf	< 0.2.8.3-5.3	libwmf-0.2.8.3-5.3.x86_64.rpm